User Management v3 APIs
Overview
The User Management v3 APIs allow you to manage users, user groups, domains, permissions, and account policies in the system. These APIs support operations such as:
- Retrieving user profiles
- Locking or unlocking users
- Deleting users or groups
- Managing domains
- Configuring permissions and account policies
Example API Request:
https://apm-prod-server:8443/api/v3/users
Types of User Management v3 APIs
Browse through the following topics to perform user management operations to required endpoints:
Following are the consolidated list of categories and their corresponding v3 APIs supported for User Management in Applications Manager.
| S.No. | Method | Endpoint | Description | Roles Required |
|---|
| USERS |
| 1 | GET | /users | Get all users | Administrator, User |
| 2 | PUT | /users/{userProfileId}/status | Update user status | Administrator |
| 3 | DELETE | /users/{userProfileId} | Delete a single user | Administrator |
| 4 | DELETE | /users | Delete multiple users | Administrator |
| USER GROUPS |
| 5 | GET | /usergroups | Get all user groups | Administrator, User |
| 6 | DELETE | /usergroups/{userGroupId} | Delete a single user group | Administrator |
| 7 | DELETE | /usergroups | Delete multiple user groups | Administrator |
| USER DOMAINS |
| 8 | GET | /userdomains | Get all user domains | Administrator, User |
| 9 | DELETE | /userdomains/{userDomainId} | Delete a single user domain | Administrator |
| 10 | DELETE | /userdomains | Delete multiple user domains | Administrator |
Permission Keys
Following are the list of permission keys used in various response parameters of User Management v3 APIs based on their user roles:
Administrator role permissions
| Permission Key | Description |
|---|
shutdownPermission | Allow admin to shut down the server |
allowAdminWindowsServices | Allow admin to manage Windows services |
allowAdminToManageDB | Allow admin to manage database |
allowAdminToManageSQLUser | Allow admin to manage SQL users |
allowAdminToUpdateConfig | Allow admin to update configuration |
Delegated Administrator role permissions
| Permission Key | Description |
|---|
disableRestrictedAdmin | Disable restricted admin functionality |
allowDAdminViewAllCredentials | Allow viewing all credentials |
allowDAdminViewAllThresholds | Allow viewing all thresholds |
allowDAdminViewAllActions | Allow viewing all actions |
delAdmin_sendEmail | Allow send email action |
delAdmin_sms | Allow SMS action |
delAdmin_program | Allow execute program action |
delAdmin_trap | Allow SNMP trap action |
delAdmin_sdp | Allow ServiceDesk Plus integration action |
delAdmin_mbean | Allow MBean action |
delAdmin_heap | Allow heap dump action |
delAdmin_amazon | Allow Amazon action |
delAdmin_vm | Allow VM action |
delAdmin_container | Allow container action |
delAdmin_windows | Allow Windows action |
allowDelAdminToTrustCertificates | Allow trusting certificates |
allowDelAdminToManageDB | Allow database management |
allowDelAdminToManageSQLUser | Allow SQL user management |
allowDelAdminToUpdateConfig | Allow configuration update |
delAdmin_sqlJobAction | Allow SQL job action |
delAdmin_restapi | Allow REST API action |
delAdmin_slack | Allow Slack action |
allowDAdminEditEUMAgents | Allow editing EUM agents |
delAdmin_siem | Allow SIEM action |
delAdmin_splunk | Allow Splunk action |
Operator role permissions
| Permission Key | Description |
|---|
allowOperatorManage | Allow operator to manage monitors |
allowOperatorUnmanageAndReset | Allow operator to unmanage and reset |
allowOperatorExecuteAction | Allow operator to execute actions |
allowOperatorServices | Allow operator to manage services |
allowOperatorUpdateIP | Allow operator to update IP addresses |
allowOperatorEdit | Allow operator to edit monitors |
allowOPRProcess | Allow operator to manage processes |
allowDownTimeSchedule | Allow operator to schedule downtime |
allowOprViewAllDownTimeSchedule | Allow operator to view all downtime schedules |
allowJumptoLink | Allow operator to use jump-to links |
allowClearAlarms | Allow operator to clear alarms |
allowOperatorEditTabs | Allow operator to edit dashboard tabs |
allowManageDB | Allow operator to manage database |
allowUpdateConfig | Allow operator to update configuration |
showManagedServersForOP | Show managed servers for operator |
User role permissions
| Permission Key | Description |
|---|
allowUserEditTabs | Allow user to edit dashboard tabs |
am.admin.usermgmt.user.credential.enabled | Allow user to access credentials section |
am.admin.usermgmt.user.security.enabled | Allow user to access security section |
am.admin.usermgmt.user.usermgmt.enabled | Allow user to access user management section |
am.admin.usermgmt.user.actionaudit.enabled | Allow user to access action audit section |
Error Codes
Following are the list of permission keys used in various response parameters of User Management v3 APIs. All error responses follow this standard format:
{
"message": "failure",
"data": [
{
"errorCode": "ERROR_CODE_NAME",
"errorMessage": "Human-readable error description"
}
],
"meta": {}
}
| Error Code | HTTP Status | Description |
|---|
API_USER_UNAUTHENTICATED | 401 | API key is missing or invalid |
CLIENT_USER_UNAUTHENTICATED | 401 | Client session is not authenticated |
USER_UNAUTHORIZED | 403 | User does not have permission for this operation |
INVALID_USER_ROLE | 400 / 401 | Invalid role specified or user role is insufficient |
JSON_PARSER_ERROR | 400 | Request body contains malformed JSON |
INTERNAL_SERVER_ERROR | 500 | An unexpected internal server error occurred |
INTERNAL_DAO_ERROR | 500 | Database operation failed |
INVALID_REQUEST_PARAMS | 400 | Request contains invalid or missing parameters |
INVALID_APIKEY_USER | 401 | API key does not correspond to a valid user |
FILE_NOT_UPLOADED | 400 | Expected file upload was not found |
UNSUPPORTED_OPERATION | 400 | The requested operation is not supported. |
